Setup includes Microsoft account, which I’m not sure will be great for Enterprise environments. Will definitely need something for nLite, WinReducer or RT Se7en Lite.

Setup is very user friendly for home users.

Start Menu is just plain weird. Better than Win 8. Niftiest thing so far was right clicking on the start menu button. They moved System and Properties to the start menu button rather than right clicking My Computer.

Windows Update hides a lot of information and is dumbed down. Maybe a good choice for home users, but not so great in the corporate environment or for advanced users. On the other hand, File History looks promising for users to back up their data, and Recovery has a lot of good options for home users. There is a “Refresh” option that likely restores Windows and registry to baseline without deleting user data, “Reinstall Windows” that wipes everything and an Advanced Startup likely for power users.

There’s a way to get to the ‘real’ Windows Update interface. Right click start menu, Control Panel, Windows Update. Yay!

I skipped OneDrive setup, and it set itself up anyway.

I like the App Store, it looks exactly like Google Play. But again, corporate environment should be interesting. I’d love if they had an enterprise app store. Be nice for licensing compliance.

Howdy folks, it’s getting closer to everyone’s favorite holiday season. No doubt you’re looking forward to Trick’r’Treat, maybe a costume party, or ritualistic sacrifice to the Dark Ones! But always remember, safety comes first! Now, here are some very simple rules that should make your Halloween a fun and safe holiday for everyone!

1. If someone tells you that you are the Chosen One and must save whoever or whatever, kill them and change your name.
2. Same bloody well goes for any harbinger of any “prophecy”. If possible, resurrect them and kill them a second time.
3. If a mysterious and beautiful woman appears out of nowhere and is interested in you, run.
4. If you see a lone young child in the middle of nowhere who is uncommonly cheerful and/or giggling, run like you heard banjos.
5. Black cats, not so bad. Black dog that watches you without ever blinking? Don’t run. Slowly back away.
6. Attics? Tell one of your buddies that you hid the beer up there.
7. Cellars? Tell your buddy that you forgot you moved the beer down to the cellar. That’s the point of buddies, they’re gullible.
8. Bullets may or may not work. Either way, shoot the evil entity. A lot.
9. Fire always makes a situation better. Or more entertaining, and that’s the truly important thing.
10. If mysterious folk with foreign or ancient accents pop on any suspicious date (full moon, ides of march, etc), pretend to not understand them.
11. If you can’t outrun the evil entity, well, you only have to outrun the more cliche characters.
12. For the love of the gods, if you are driving at night, fill the tank when you’re between a quarter and half tank.
13. Fix-A-Flat. Cheaper than being hung up on a rusty meat hook.
14. Hawt chicks are like canaries. Always keep a few around when you visit Bad Place. They’ll die first.
15. Little known fact, vampires are allergic to magnesium. When ignited and shoved down their throat.
16. If you have reason to believe you are being stalked by an evil entity, someone might want to stay awake when everyone else sleeps.
17. If one member of your party starts hearing voices, party over, time to leave.
18. If a disembodied voice tells you to get out, follow the advice.
19. Vacations to run-down shacks in the middle of nowhere never work out well.
20. Vacations to Eastern Europe can end with you dismembered. But they have very attractive women. Definitely worth the risk.
21. If anyone says “But Whatever Bad Entity doesn’t exist”, kneecap them and leave them while the rest of you wait to see if he or she is right.
22. A flamethrower is always appropriate.
23. When various members of your party mysteriously start missing, don’t individually go looking for them.
24. There’s no such thing as overkill. Only “Not enough” and “Needs more”. Remember this when you think the evil critter is finally dead.
25. When you find the sacred/cursed/ancient artifact, don’t screw with it. Just put it on eBay and let the feedback answer your curiosity.
26. If some random weirdo offers you unsolicited food, drugs or drink, politely decline.
27. If the innkeeper is way too happy to see you, leave. They probably want to sacrifice you. Or they have termites.
28. If someone gives you a quest to find something oddly obscure that happens to be bloody far away with implausibly complicated directions, go on a vacation instead.
29. If you really HAVE to go, dial Blackwater’s Rent-A-Friend program then rent a helicopter to take you and friends to said obscure location.
30. If you manage to escape the werewolves, undead, aliens, or whatever long enough to get to the phone, don’t try to explain the situation. Just call the National Guard and tell them al-Qaeda is planning to poison the nation’s beer supplies and they’re currently at such and such an address. You’ll have all the Blackhawks and Apache gunships you’d want in about ten minutes.

Backup your stuff. Period. No exceptions. Viruses, power surges, HD failures, etc will never go away. Evar. Entropy is just one of those things.

For the simplest form of backup, copy My Documents, Favorites and Desktop to an external HD (cheap on Newegg, TigerDirect, etc), thumb drive or SD card. Keep one off-site, one in a safety deposit box or a buddy’s place. Swap every few months. Every year or so, buy a new one. Retire the old one to your safety deposit box or whatever, clearly labeled with the year in question.

I’m partial to 32 gig micro SD cards for critical data, which are the size of your pinky nail. Very easy to hide.

Next simplest is “cloud” backups. (cloud. ugh.) For home users, I highly recommend BackBlaze. $4-5 a month for unlimited (and they bloody well mean unlimited) storage. There are others, any of them are good enough. Mozy is another.

It’s a very stripped down version. I’m obviously not publishing the locations of anything that’s not standardized stuff. I do daily light backups of log files, configuration files, SQL databases, etc. Weekly backups for my HTML files, graphics, MP3s, videos. Now, in the posted code, I left it using ECB. Why, I friggin forget, but it should be cipher-block chaining. Don’t use ECB in multiple block encryption. Evar. CBC is fine for most stuff, but you could adjust for whatever you’re doing.
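The reason behind the ECB warning above, as an added example (it is not the backup script this post refers to): ECB encrypts every block independently, so the repeated records that fill log files and SQL dumps show up as repeated ciphertext blocks, while CBC chains each block to the previous one. The 16-byte Feistel cipher, the key and the sample log are constructed stand-ins so the script runs with only the standard library; the mode logic is the point, and a real backup would use AES.

```python
import hashlib
import os
from collections import Counter

BLOCK = 16  # bytes, the AES block size

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation; a stand-in for AES, NOT secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split_padded(data):
    """PKCS#7-pad the data and split it into 16-byte blocks."""
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is encrypted on its own: equal input gives equal output.
    return b"".join(encrypt_block(key, b) for b in split_padded(plaintext))

def cbc_encrypt(key, plaintext):
    # Each block is XORed with the previous ciphertext block (a random IV
    # for the first one) before encryption, which hides repetition.
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in split_padded(plaintext):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    chunks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return sum(c - 1 for c in Counter(chunks).values())

# Constructed sample: a log file in which one 32-byte record repeats 50 times.
SAMPLE_LOG = b"2014-10-01 backup job finished\r\n" * 50
KEY = hashlib.sha256(b"constructed demo key").digest()

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, SAMPLE_LOG)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, SAMPLE_LOG)))
```

Running repeated_blocks over an existing encrypted archive is a quick audit: a large count of duplicate 16-byte blocks suggests the archive was written in ECB.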

Prune it down every month or two and you’re looking at 12 cents a month or so. Most I ever reached was a dollar, because I forgot to prune for a few months. I added an appointment every two months. I keep monthly and yearly heavy uploads.

For a paranoid non-geek home user, use TrueCrypt and just backup the TrueCrypt container. The program and documentation are friendly to non-geeks.

My stock solution is to disconnect from the network/internet, remove the crapware “anti-malware” software, run BlackLight to check for rootkits, run Microsoft Safety Scanner and some of the AV quick scanners, install Kaspersky AV, reconnect to the network/internet and patch the machine.

Ideally, if a user is backing up their data, just format the machine, re-install with an unattended install disk (nLite for the win), install KAV, connect to internet, patch. Microsoft killed off any offline patching utilities. But if you’re clever, you can isolate a port on a switch to only connect with your WSUS server.

You should not be using multiple AV/AM (anti-virus, anti-malware) products under normal circumstances. Pick a good AV and use it solely under normal circumstances. Trend, F-Secure, KAV are top tier. McAfee, Bitdefender, Norton, Clam, Microsoft Security Essentials are second tier. NOD32, AVG, et al are third tier.

Patch your OS and software regularly. Backup your info regularly. This is as important or more important than your AV/AM solution.

Ok, let me start off by saying, I’m not a survivalist. I’m not even really a “prep’er” (preparedness, think survivalist lite). Closest I come is hiking and camping. I however have done a lot of Disaster Recovery and Contingency Planning work, primarily for IT and businesses. It’s entirely the business of mitigating risk to the needs and capacity of the customer. Disaster Recovery, whether for a business or for an individual, is pretty straightforward. It’s just like any other project. Figure out your specifications, and then go about meeting them within time/budget.

We’ll skip the business stuff and go for personal. If you’re a business that’d like DR consulting, feel free to drop me a line at revdisk@ this domain. The examples in this blog posting aren’t meant to be taken overly seriously and will be overstated for entertainment value.

Let’s start off with the specifications. Specifications can be anything, and are the core of any DR planning. You need to know what you want to do before you work toward it. Your specifications can be anything from “personally surviving as many bad things as possible”, “getting my family to crazy Uncle Carl’s fortified retreat in Oklahoma”, “minimizing financial damage from bad things” or “Saving my family”. You can have as many as you’d like, but the more you have the more work you’ll have to do. Keep it as simple as possible, and spend a fair amount of time thinking about your real priorities.

Draw up any significant concerns you have that may impact your specifications.

Growing up within half a mile of TMI, possible nuclear disaster wasn’t an idle thought. There were plenty of other localized concerns. Within fifty miles were chemical plants, ethanol plant, plenty of old bridges, natural gas plants, etc. Spend some time going over what your pressing concerns actually are. “zOMG zombie apocalypse”, “Martians invading the US” or “Russian/Cuban soldiers dropping out of the sky” should not be on it. If they are, you need lithium or at least a long vacation more than you need planning.

It should start off with the most realistic options. For me, it’s snow storms. They occur virtually every year and being shut in for a couple days is very likely.

If you live on a fault line, sooner or later, you WILL have an earthquake of note. Same with a flood plain. If you’re on the coast, do a bit of research and figure out previous damage from storms. Go to the library and do some research. Don’t rank them by how theoretically bad they could be. Rank them intelligently, which means impact assessment * frequency at a minimum. You can factor in other things like financial concerns, social/family commitments or whatnot, up to you.

Here is my example and Impact Analysis methodology. I ranked by impact multiplied by the likelihood of occurring. A snow storm is not likely to be lethal unless you are intentionally stupid or unprepared. So let’s give it a weight of 3 (on a scale of one to ten for impact). We multiply that weight by the likelihood of happening, which would be rounded to 10 out of 10. So a net weight of 30. Another nuclear meltdown at Three Mile Island might have an impact of 10, but a likelihood of happening of 0.5 (that’s actually too high, but I’m using simple numbers for demonstration purposes), with a final weighting of 5.

So a snow storm should have six times the priority in preparation. If you’re doing one priority at a time, you just sort the list by the weight. If you’re working toward all of them on a schedule, you should allocate resources toward snow storm preparation at six times the rate of radiation from nuclear meltdown preparation.

So suppose I do my research, run my Impact Analysis and come up with a prioritized list of concerns:

You can break them out discretely in as granular a manner as you would like. More granular, more work. You can create subsets for variations, but you only want to do that on your revisions and not on your first project.

Obviously, the last two categories are basically anything else not covered on the list: vague general contingency plans for anything that isn’t on your list. An “Other – Localized” could be anything from a very unlikely accident like a train wreck to a meteor strike. Anything where somewhere else is safer than right here, and it’s contained to a specific geographic area.

“Other – Insignificant, Non-Local” means it’s not in your neighborhood and it’s not likely to affect you. You can leave it on, or toss it. But it does sometimes pop up. This category would cover dealing with the secondary effects from someone else’s problems. Katrina refugees would be an example.

Ok, you have your list of priorities. Develop a plan for dealing with each. You want to make your plan as modular as possible. “Stocking extra food in plastic, water resistant containers” would assist in all categories except “House on Fire”. Actually think through the scenario. Walk it out or simulate it as closely as possible.

If your house burned to the ground, what would you actually need? You may have under a minute to get out. An AR15 and a pallet of MREs would be near useless, but copies of your insurance paperwork, birth certificates, medical records, asset documentation, and contact information for friends, relatives, business would be worth their weight in gold. Immediately after a major earthquake, the situation may be reversed.

Start on the highest priorities, and work your way through the list. Make records of your current state, and the state you want to be in when you’re finished. I like a Green-Yellow-Red coded spreadsheet. Gives you a sense of accomplishment as the red and yellow start to disappear, and more green fills the screen.

Allocate resources in accordance with a schedule, and in direct proportions to your weighted priority list. Leave a margin for targets of opportunity. Once you’re done, draw up a maintenance/inventory schedule. Revisit your Impact Analysis on a set duration (annual, usually).

If you’re working without an overall plan, you’re probably wasting money and time and reducing effectiveness. Go with the right methodology, and you’re more likely to be successful than winging it. The above general “philosophy” is stone cold, tested and true, core disaster recovery management. You can use whatever format you’d like or fits your needs.

OK, so you have a wonderfully working email server. Then you try to send an email from your PC or mobile device, with no joy. Congrats, your email is set up right and postfix is refusing to send out unsecured and/or unauthenticated email.

Check smtpd_recipient_restrictions in main.cf, which I usually put dead last in the file. It needs permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination at a minimum. You can test out SASL if you wish at this point. I didn’t bother, but I like living on the edge. Save your main.cf and restart postfix (at the command prompt: postfix reload).

Now run these commands from root.

yum install crypto-utils
genkey --days 1000 mail.domain.tld

I went with the super paranoid encryption level, but that’s me. It’ll take a while to crunch. Don’t encrypt the key. You’d need to input a password at boot, which would be bad. You can sign your key with a CA if you wish, I didn’t see the need to pay to do so for my private email server. The keys should be put in the following locations:

Go to /etc/mail/spamassassin/local.cf
Add or change this line. You can change THIS_IS_SPAM to any constant, just remember to add it to the header check as well. Spelling counts, double check it. It’ll be put in front of anything that SA flags as spam.

Go to /etc/postfix/main.cf
Add the following. Postfix uses this to check or alter headers across the entire server. Don’t use this for trivial activities.

# Spam
header_checks = regexp:/etc/postfix/header_checks

Go to /etc/postfix/header_checks
Put this at the end. It routes all spam to a catch-all email account.

header_checks
/^Subject: THIS_IS_SPAM/ REDIRECT spam@yourdomain.tld
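
A way to check that rule before it touches live mail, as an added example (not part of the original post): a small emulation of a Postfix regexp: table that applies the rule above to constructed sample headers and shows the "spelling counts" failure mode, where a mismatched tag is silently delivered. It handles only single-line /pattern/ rules and uses Python's regex engine as an approximation of the one Postfix uses; parse_table, check_header and the sample headers are names and data made up for this sketch.

```python
import re

# Constructed copy of the header_checks rule from this post.
HEADER_CHECKS = """\
# route SpamAssassin-tagged mail to the catch-all account
/^Subject: THIS_IS_SPAM/ REDIRECT spam@yourdomain.tld
"""

def parse_table(text):
    """Parse '/pattern/flags ACTION text' lines of a regexp: lookup table."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(\S+)\s*(.*)$", line)
        if m is None:
            raise ValueError("unparsable rule: " + line)
        pattern, flags, action, arg = m.groups()
        # Matching ignores case by default; the 'i' flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.upper(), arg))
    return rules

def check_header(rules, header):
    """Return (action, arg) for the first matching rule, or None (no action)."""
    for regex, action, arg in rules:
        if regex.search(header):
            return action, arg
    return None

# Constructed sample headers, as they might look after SpamAssassin tagging.
SAMPLES = [
    "Subject: THIS_IS_SPAM Cheap pills",      # tag matches the rule
    "subject: this_is_spam cheap pills",      # case differs, still matches
    "Subject: THIS-IS-SPAM Cheap pills",      # tag misspelled in local.cf
    "Subject: Re: THIS_IS_SPAM Cheap pills",  # tag not at start of subject
]

if __name__ == "__main__":
    rules = parse_table(HEADER_CHECKS)
    for header in SAMPLES:
        print(check_header(rules, header), "<-", header)
```

On the server itself, `postmap -q "Subject: THIS_IS_SPAM test" regexp:/etc/postfix/header_checks` runs the same lookup against the real table.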

Under ideal circumstances, you really don’t want to do this. You want to reject as much spam as possible BEFORE your email server processes it. Invalid helo, impersonating the server (by IP or host), not RFC 2821 compliant, etc. Blacklists are… problematic at times, but shouldn’t be ignored.

This is however handy if a) your users don’t have/use email programs with built-in filters (like a Blackberry not tied to a BES) or b) your users are using low-bandwidth lines to get their email.

Additionally, you can add more filtering to header_checks, such as attachment filtering. A lot of folks block .EXE and .VBS. To do so, add the following to /etc/postfix/header_checks:

Some folks use a plain Linux box running postfix as solely a cheap virus/spam/etc filter for their Exchange environment. It’s not a bad idea, especially if you load balance between two or three very thin Linux boxes. Theoretically, you could also use it for cheap mail retention for DR purposes.

If you are not using virtual users/domains, you probably want to use procmail and an individual template .procmailrc (per user).